015 package com.liferay.portal.dao.jdbc.pacl;
016
017 import com.liferay.portal.kernel.util.ProxyUtil;
018 import com.liferay.portal.security.lang.PortalSecurityManagerThreadLocal;
019 import com.liferay.portal.security.pacl.PACLPolicy;
020
021 import java.lang.Object;
022 import java.lang.reflect.InvocationHandler;
023 import java.lang.reflect.InvocationTargetException;
024 import java.lang.reflect.Method;
025
026 import java.sql.CallableStatement;
027 import java.sql.Connection;
028 import java.sql.PreparedStatement;
029 import java.sql.Statement;
030
031 import java.util.ArrayList;
032 import java.util.List;
033
034
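/**
 * Invocation handler for a JDBC {@link Connection} proxy that applies a
 * {@link PACLPolicy} to the SQL handed to the connection.
 *
 * <p>
 * SQL passed to <code>prepareCall</code> or <code>prepareStatement</code> is
 * checked with {@link PACLPolicy#hasSQL(String)} before the call is forwarded.
 * Statements returned by <code>createStatement</code>,
 * <code>prepareCall</code> and <code>prepareStatement</code> are wrapped in a
 * proxy backed by {@link PACLStatementHandler}.
 * </p>
 */
public class PACLConnectionHandler implements InvocationHandler {

	/**
	 * @param connection the real connection that calls are forwarded to
	 * @param paclPolicy the policy consulted for each SQL string
	 */
	public PACLConnectionHandler(Connection connection, PACLPolicy paclPolicy) {
		_connection = connection;
		_paclPolicy = paclPolicy;
	}

	/**
	 * Dispatches a call made on the connection proxy.
	 *
	 * @param  proxy the proxy instance the method was called on
	 * @param  method the method that was called
	 * @param  arguments the call's arguments
	 * @return the delegate's return value, a statement proxy for the
	 *         statement-creating methods, or the identity based result for
	 *         <code>equals</code> and <code>hashCode</code>
	 * @throws SecurityException if the SQL passed to <code>prepareCall</code>
	 *         or <code>prepareStatement</code> is not approved by the policy
	 * @throws Throwable whatever the wrapped connection throws, with the
	 *         reflection wrapper removed
	 */
	public Object invoke(Object proxy, Method method, Object[] arguments)
		throws Throwable {

		try {
			String methodName = method.getName();

			// equals and hashCode are answered on proxy identity and never
			// reach the wrapped connection

			if (methodName.equals("equals")) {
				return proxy == arguments[0];
			}

			if (methodName.equals("hashCode")) {
				return System.identityHashCode(proxy);
			}

			boolean preparesSQL =
				methodName.equals("prepareCall") ||
				methodName.equals("prepareStatement");

			if (preparesSQL) {

				// The policy check runs before the delegate sees the SQL, so
				// unapproved SQL is never prepared

				String sql = (String)arguments[0];

				if (!_paclPolicy.hasSQL(sql)) {
					throw new SecurityException(
						"Attempted to execute unapproved SQL " + sql);
				}
			}

			// The security manager flag is switched off only for the
			// forwarded call and put back to its previous value afterwards,
			// even when the call throws

			boolean enabled = PortalSecurityManagerThreadLocal.isEnabled();

			Object returnValue = null;

			try {
				PortalSecurityManagerThreadLocal.setEnabled(false);

				returnValue = method.invoke(_connection, arguments);
			}
			finally {
				PortalSecurityManagerThreadLocal.setEnabled(enabled);
			}

			if (preparesSQL || methodName.equals("createStatement")) {

				// Hand back a proxy instead of the raw statement.
				// PACLStatementHandler is not visible here; presumably it
				// checks SQL passed at execution time -- confirm.

				Statement statement = (Statement)returnValue;

				return ProxyUtil.newProxyInstance(
					_paclPolicy.getClassLoader(),
					getInterfaces(returnValue.getClass()),
					new PACLStatementHandler(statement, _paclPolicy));
			}

			// NOTE(review): every other Connection method, including
			// java.sql.Wrapper#unwrap, is forwarded as is and its result is
			// returned without a proxy. Confirm that no forwarded method
			// hands back an object that escapes the policy check.

			return returnValue;
		}
		catch (InvocationTargetException ite) {

			// Surface the delegate's own exception, not the reflection
			// wrapper

			throw ite.getTargetException();
		}
	}

	/**
	 * Returns the JDBC statement interfaces the statement proxy declares for
	 * the given concrete statement class.
	 *
	 * <p>
	 * {@link Statement} is always included. The most specific of
	 * {@link CallableStatement} and {@link PreparedStatement} that the class
	 * implements is added after it. The previous version negated both tests,
	 * so a plain statement was advertised as a <code>CallableStatement</code>
	 * while a real callable or prepared statement was exposed as a
	 * <code>Statement</code> only.
	 * </p>
	 *
	 * @param  returnType the runtime class of the statement being wrapped
	 * @return the interfaces for the statement proxy
	 */
	protected Class<?>[] getInterfaces(Class<?> returnType) {
		List<Class<?>> interfaceClasses = new ArrayList<Class<?>>();

		interfaceClasses.add(Statement.class);

		// CallableStatement extends PreparedStatement, so it is tested first
		// and only the most specific interface is added

		if (CallableStatement.class.isAssignableFrom(returnType)) {
			interfaceClasses.add(CallableStatement.class);
		}
		else if (PreparedStatement.class.isAssignableFrom(returnType)) {
			interfaceClasses.add(PreparedStatement.class);
		}

		return interfaceClasses.toArray(new Class<?>[interfaceClasses.size()]);
	}

	// Set once in the constructor and never reassigned

	private final Connection _connection;
	private final PACLPolicy _paclPolicy;

}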